My connection is acting up and I'm getting lots of pop-ups

10 September 2008 12:19:18

Hello, well, my problem is explained in the title of this topic. What should I do?

10 September 2008 12:43:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36, on 2008-09-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {3A55FFCE-5AE2-4EEB-922A-0239D924C801} - C:\WINDOWS\system32\iifebCRi.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911623F1-0291-4333-A009-22207910E076} - C:\WINDOWS\system32\opnlMdaw.dll (file missing)
O2 - BHO: {c6a60469-f1ef-9dfa-c184-731c68078c29} - {92c87086-c137-481c-afd9-fe1f96406a6c} - C:\WINDOWS\system32\hazmlh.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: D - {CFA5988C-E975-37CC-B1EE-ECDAEE898C6D} - C:\WINDOWS\system32\mmx23216.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [68730c46] rundll32.exe "C:\WINDOWS\system32\gpigrcbd.dll",b
O4 - HKLM\..\Run: [BM6b403fda] Rundll32.exe "C:\WINDOWS\system32\ryqjghsy.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\Alizé\Application Data\Adobe\Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifebCRi - C:\WINDOWS\SYSTEM32\iifebCRi.dll
O20 - Winlogon Notify: qoMeFwXQ - qoMeFwXQ.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10532 bytes
10 September 2008 12:47:21

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may vary

10 September 2008 13:24:08

    ComboFix 08-09-05.14 - Alizé 2008-09-10 13:04:47.3 - FAT32x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.455 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alizé\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Favoris\Download programs.url
    C:\Documents and Settings\Administrateur\Favoris\Games.url
    C:\Documents and Settings\Administrateur\Favoris\Translator.url
    C:\Documents and Settings\Administrateur\Favoris\Videos.url
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Download programs.url
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Games.url
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Translator.url
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Videos.url
    C:\Documents and Settings\Alizé\Application Data\Adobe\crc.dat
    C:\Documents and Settings\Alizé\Application Data\Adobe\Manager.exe
    C:\Documents and Settings\Alizé\Favoris\Download programs.url
    C:\Documents and Settings\Alizé\Favoris\Games.url
    C:\Documents and Settings\Alizé\Favoris\Translator.url
    C:\Documents and Settings\Alizé\Favoris\Videos.url
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\BM6b403fda.txt
    C:\WINDOWS\BM6b403fda.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\byXqRlIA.dll
    C:\WINDOWS\system32\dbcrgipg.ini
    C:\WINDOWS\system32\dqahhjgy.dll
    C:\WINDOWS\system32\epxwddnw.ini
    C:\WINDOWS\system32\gvrpfe.dll
    C:\WINDOWS\system32\hazmlh.dll
    C:\WINDOWS\system32\hgGaaASj.dll
    C:\WINDOWS\system32\hjwneonq.ini
    C:\WINDOWS\system32\hlbzjt.dll
    C:\WINDOWS\system32\icvgtyhm.dll
    C:\WINDOWS\system32\iifebCRi.dll
    C:\WINDOWS\system32\jkkLDTnN.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mhytgvci.ini
    C:\WINDOWS\system32\mmx23216.dll
    C:\WINDOWS\system32\mx23216.dll
    C:\WINDOWS\system32\njvbfyan.dll
    C:\WINDOWS\system32\ryqjghsy.dll
    C:\WINDOWS\system32\sfdlthgn.dll
    C:\WINDOWS\system32\tshoifmy.dll
    C:\WINDOWS\system32\uprarpko.dll
    C:\WINDOWS\system32\utxktd.dll
    C:\WINDOWS\system32\vpequudw.dll
    C:\WINDOWS\system32\wadMlnpo.ini
    C:\WINDOWS\system32\wadMlnpo.ini2
    C:\WINDOWS\system32\wnddwxpe.dll

    ----- BITS: Possible sites infectés -----

    http://pornotube30.net
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 13:18 . 2008-09-10 13:18 294 ---hs---- C:\WINDOWS\system32\dbcrgipg.ini
    2008-09-09 19:20 . 2008-09-09 19:21 72,192 --a------ C:\WINDOWS\system32\gpigrcbd.dll
    2008-09-09 17:05 . 2004-02-23 01:00 1,386,496 --a------ C:\WINDOWS\system32\MSVBVM60.DLL
    2008-09-08 23:15 . 2008-09-08 23:15 <REP> d-------- C:\Program Files\fnac2
    2008-09-07 20:09 . 2008-09-07 20:09 <REP> d--hs---- C:\FOUND.034
    2008-09-07 17:25 . 2008-09-07 17:25 <REP> d--hs---- C:\FOUND.033
    2008-09-07 14:55 . 2008-09-07 14:55 <REP> d-------- C:\Program Files\RegCure
    2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-07 11:21 . 2008-09-07 11:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-06 21:49 . 2008-09-06 21:49 <REP> d-------- C:\Program Files\VstPlugins
    2008-09-06 21:49 . 2008-09-06 21:49 <REP> d-------- C:\Program Files\ASIO4ALL v2
    2008-09-06 21:49 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-09-06 21:49 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-09-06 21:48 . 2008-09-06 21:48 <REP> d-------- C:\Program Files\Outsim
    2008-09-06 21:46 . 2008-09-06 21:46 <REP> d-------- C:\Program Files\Image-Line
    2008-09-06 21:45 . 2008-09-06 21:50 129,277 --a------ C:\WINDOWS\system32\DriverUpdate.exe
    2008-09-05 21:46 . 2008-09-05 21:46 <REP> d-------- C:\Program Files\VirtualDJ
    2008-09-01 13:02 . 2008-09-01 13:02 <REP> d--hs---- C:\FOUND.032
    2008-08-24 13:56 . 2008-08-24 13:56 <REP> d-------- C:\Program Files\Beneton Software
    2008-08-22 14:14 . 2008-08-22 14:14 <REP> d-------- C:\Program Files\Guitar Pro 5
    2008-08-21 12:03 . 2008-08-21 12:03 <REP> d-------- C:\Program Files\VideoLAN
    2008-08-17 00:10 . 2008-08-26 13:06 162,008 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-08-17 00:10 . 2008-08-26 13:06 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-08-17 00:10 . 2008-08-17 00:10 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-08-16 23:58 . 2008-08-16 23:58 <REP> d-------- C:\Program Files\WarRock
    2008-08-13 17:08 . 2008-08-13 17:08 <REP> d-------- C:\Program Files\SuperCopier2

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-05 22:08 --------- d-----w C:\Program Files\LogMeIn
    2008-08-05 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-08-04 20:42 --------- d-----w C:\Program Files\Pydoku
    2008-08-01 16:19 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
    2008-07-27 16:43 --------- d-----w C:\Program Files\CCleaner
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-27 11:09 487 ---ha-w C:\os466477.bin
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-01-05 12:22 374 ----a-w C:\Documents and Settings\Administrateur\Application Data\internaldb6334.dat
    2008-01-05 12:14 18,432 ----a-w C:\Documents and Settings\Administrateur\Application Data\internaldb41.dat
    2008-01-05 11:57 555 ----a-w C:\Documents and Settings\Administrateur\Application Data\internaldb8467.dat
    2007-02-23 19:57 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2005-11-04 09:25 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2008-03-01 13:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008030120080302\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 110592]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-06-02 176128]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 7561216]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-01 98304]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
    "68730c46"="C:\WINDOWS\system32\gpigrcbd.dll" [2008-09-09 72192]
    "NvMediaCenter"="NvMCTray.dll" [2006-04-27 C:\WINDOWS\system32\nvmctray.dll]
    "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-04-27 03:48 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    -r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\age\\empires2.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Java\\jre1.6.0_07\\BIN\\java.exe"=
    "C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "C:\\Program Files\\Java\\jdk1.6.0_10\\bin\\java.exe"=
    "C:\\Program Files\\Java\\jdk1.6.0_10\\jre\\bin\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"=
    "C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
    R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-08-01 147456]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
    R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-27 16269]
    R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-01-20 841110]
    R3 SynScan;ASUS WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-01-02 8278]
    S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ]
    S3 ids0015d;ids0015d;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys [ ]
    S3 ids00180;ids00180;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys [ ]
    S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys [ ]
    S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys [ ]
    S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdcdf178-1552-11dd-8938-001a92b1c493}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{3A55FFCE-5AE2-4EEB-922A-0239D924C801} - C:\WINDOWS\system32\iifebCRi.dll
    BHO-{911623F1-0291-4333-A009-22207910E076} - C:\WINDOWS\system32\opnlMdaw.dll
    BHO-{92c87086-c137-481c-afd9-fe1f96406a6c} - C:\WINDOWS\system32\hazmlh.dll
    HKLM-Run-BM6b403fda - C:\WINDOWS\system32\ryqjghsy.dll
    ShellExecuteHooks-{3A55FFCE-5AE2-4EEB-922A-0239D924C801} - C:\WINDOWS\system32\iifebCRi.dll
    Notify-qoMeFwXQ - qoMeFwXQ.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Alizé\Application Data\Mozilla\Firefox\Profiles\8o07s97y.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 13:18:09
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\gpigrcbd.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE
    C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRAM FILES\LOGMEIN\X86\RAMAINT.EXE
    C:\PROGRAM FILES\LOGMEIN\X86\LOGMEIN.EXE
    C:\PROGRAM FILES\LOGMEIN\X86\LMIGUARDIAN.EXE
    C:\WINDOWS\SYSTEM32\NVSVC32.EXE
    C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
    C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
    C:\WINDOWS\SYSTEM32\WDFMGR.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
    C:\PROGRAM FILES\LOGMEIN\X86\LMIGUARDIAN.EXE
    C:\PROGRAM FILES\APOINT2K\APNTEX.EXE
    C:\PROGRAM FILES\APOINT2K\HIDFIND.EXE
    C:\PROGRAM FILES\APOINT2K\APVFB.EXE
    C:\WINDOWS\ATK0100\ATKOSD.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-10 13:20:33 - machine was rebooted [Alizé]
    ComboFix-quarantined-files.txt 2008-09-10 11:20:32

    Pre-Run: 5,423,235,072 octets libres
    Post-Run: 5,788,631,040 octets libres

    278 --- E O F --- 2008-08-31 10:04:31

10 September 2008 13:41:29

Doctor...

10 September 2008 13:49:22

Uh, can you wait a bit?

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.

NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

10 September 2008 17:53:13

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1136
    Windows 5.1.2600 Service Pack 2

    10/09/2008 17:36:50
    mbam-log-2008-09-10 (17-36-50).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 198272
    Temps écoulé: 1 hour(s), 40 minute(s), 10 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 39

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68730c46 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\gpigrcbd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dbcrgipg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP139\A0074365.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP139\A0075105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP140\A0076192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP140\A0076193.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076257.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076269.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076271.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076272.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076279.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076280.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\uprarpko.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\njvbfyan.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\gvrpfe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\vpequudw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\tshoifmy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\utxktd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\icvgtyhm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\wnddwxpe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\sfdlthgn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\hlbzjt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ryqjghsy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\dqahhjgy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\hazmlh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mx23216.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mmx23216.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Documents and Settings\Alizé\Application Data\Adobe\Manager.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    10 September 2008 17:55:50

    Run a ComboFix scan again.
    10 September 2008 18:09:20

    ComboFix 08-09-05.14 - Alizé 2008-09-10 18:03:05.4 - FAT32x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.600 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alizé\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 14:10 . 2008-09-10 14:10 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 14:10 . 2008-09-10 14:10 <REP> d-------- C:\Documents and Settings\Alizé\Application Data\Malwarebytes
    2008-09-10 14:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-10 14:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-10 13:20 . 2008-09-10 13:20 <REP> d-------- C:\Documents and Settings\AlizÚ
    2008-09-09 17:05 . 2004-02-23 01:00 1,386,496 --a------ C:\WINDOWS\system32\MSVBVM60.DLL
    2008-09-08 23:15 . 2008-09-08 23:15 <REP> d-------- C:\Program Files\fnac2
    2008-09-07 20:09 . 2008-09-07 20:09 <REP> d--hs---- C:\FOUND.034
    2008-09-07 17:25 . 2008-09-07 17:25 <REP> d--hs---- C:\FOUND.033
    2008-09-07 14:55 . 2008-09-07 14:55 <REP> d-------- C:\Program Files\RegCure
    2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-07 11:21 . 2008-09-07 11:21 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-06 21:49 . 2008-09-06 21:49 <REP> d-------- C:\Program Files\VstPlugins
    2008-09-06 21:49 . 2008-09-06 21:49 <REP> d-------- C:\Program Files\ASIO4ALL v2
    2008-09-06 21:49 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-09-06 21:49 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-09-06 21:48 . 2008-09-06 21:48 <REP> d-------- C:\Program Files\Outsim
    2008-09-06 21:46 . 2008-09-06 21:46 <REP> d-------- C:\Program Files\Image-Line
    2008-09-06 21:45 . 2008-09-06 21:50 129,277 --a------ C:\WINDOWS\system32\DriverUpdate.exe
    2008-09-05 21:46 . 2008-09-05 21:46 <REP> d-------- C:\Program Files\VirtualDJ
    2008-09-01 13:02 . 2008-09-01 13:02 <REP> d--hs---- C:\FOUND.032
    2008-08-24 13:56 . 2008-08-24 13:56 <REP> d-------- C:\Program Files\Beneton Software
    2008-08-22 14:14 . 2008-08-22 14:14 <REP> d-------- C:\Program Files\Guitar Pro 5
    2008-08-21 12:07 . 2008-08-21 12:07 <REP> d-------- C:\Documents and Settings\Alizé\Application Data\vlc
    2008-08-21 12:03 . 2008-08-21 12:03 <REP> d-------- C:\Program Files\VideoLAN
    2008-08-17 14:08 . 2008-08-17 14:08 <REP> d-------- C:\Documents and Settings\Alizé\Application Data\Shareaza
    2008-08-17 00:10 . 2008-08-26 13:06 162,008 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-08-17 00:10 . 2008-08-26 13:06 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-08-17 00:10 . 2008-08-17 00:10 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-08-16 23:58 . 2008-08-16 23:58 <REP> d-------- C:\Program Files\WarRock
    2008-08-16 23:58 . 2008-08-16 23:58 <REP> d-------- C:\Documents and Settings\Alizé\Application Data\InstallShield
    2008-08-13 17:08 . 2008-08-13 17:08 <REP> d-------- C:\Program Files\SuperCopier2

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-08 15:24 --------- d-----w C:\Documents and Settings\Alizé\Application Data\La Bataille pour la Terre du Milieu
    2008-08-05 22:08 --------- d-----w C:\Program Files\LogMeIn
    2008-08-05 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
    2008-08-04 20:42 --------- d-----w C:\Program Files\Pydoku
    2008-08-01 16:19 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
    2008-07-27 16:58 --------- d-----w C:\Documents and Settings\Alizé\Application Data\ScanSoft
    2008-07-27 16:43 --------- d-----w C:\Program Files\CCleaner
    2008-07-26 18:33 --------- d-----w C:\Documents and Settings\Alizé\Application Data\Nokia
    2008-07-25 14:38 --------- d-----w C:\Documents and Settings\Alizé\Application Data\CyberLink
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-27 11:09 487 ---ha-w C:\os466477.bin
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-01-05 12:22 374 ----a-w C:\Documents and Settings\Administrateur\Application Data\internaldb6334.dat
    2008-01-05 12:14 18,432 ----a-w C:\Documents and Settings\Administrateur\Application Data\internaldb41.dat
    2008-01-05 11:57 555 ----a-w C:\Documents and Settings\Administrateur\Application Data\internaldb8467.dat
    2007-02-23 19:57 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2005-11-04 09:25 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    2008-03-01 13:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008030120080302\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-10_13.20.08.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-10 15:45:28 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_23c.dat
    + 2008-09-10 15:44:44 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_634.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 110592]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-06-02 176128]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 7561216]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-01 98304]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
    "NvMediaCenter"="NvMCTray.dll" [2006-04-27 C:\WINDOWS\system32\nvmctray.dll]
    "SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 15360]

    C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-04-27 03:48 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    -r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\age\\empires2.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Java\\jre1.6.0_07\\BIN\\java.exe"=
    "C:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "C:\\Program Files\\Java\\jdk1.6.0_10\\bin\\java.exe"=
    "C:\\Program Files\\Java\\jdk1.6.0_10\\jre\\bin\\java.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"=
    "C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
    R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-08-01 147456]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
    R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-27 16269]
    R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-01-20 841110]
    R3 SynScan;ASUS WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-01-02 8278]
    S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ]
    S3 ids0015d;ids0015d;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys [ ]
    S3 ids00180;ids00180;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys [ ]
    S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys [ ]
    S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys [ ]
    S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdcdf178-1552-11dd-8938-001a92b1c493}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Alizé\Application Data\Mozilla\Firefox\Profiles\8o07s97y.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 18:06:28
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\System32\CSCDLL.dll
    .
    Temps d'accomplissement: 2008-09-10 18:07:02
    ComboFix-quarantined-files.txt 2008-09-10 16:07:00
    ComboFix2.txt 2008-09-10 11:20:36

    Pre-Run: 5,779,456,000 octets libres
    Post-Run: 5,778,112,512 octets libres

    207 --- E O F --- 2008-08-31 10:04:31
    10 September 2008 18:20:04

    Hi again,

    Delete these folders:
    C:\FOUND.034
    C:\FOUND.033
    10 September 2008 18:22:30

    OK, and then?
    10 September 2008 18:25:08

    Post a HijackThis report again.
    10 September 2008 18:27:06

    Hi again,


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:26:06, on 10/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Apoint2K\Apvfb.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 8793 bytes
    10 September 2008 20:37:46



    Avira AntiVir Personal
    Report file date: mercredi 10 septembre 2008 19:38

    Scanning for 1608238 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: ORDI-ALIZÉ

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
    ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 17:37:22
    ANTIVIR3.VDF : 7.0.6.142 314368 Bytes 10/09/2008 17:37:28
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 10/09/2008 17:37:52
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:50
    AERDL.DLL : 8.1.1.1 397683 Bytes 10/09/2008 17:37:50
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:36
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 10/09/2008 17:37:46
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 10/09/2008 17:37:44
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:50
    AEGEN.DLL : 8.1.0.36 315764 Bytes 10/09/2008 17:37:32
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:22
    AECORE.DLL : 8.1.1.11 172406 Bytes 10/09/2008 17:37:30
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:50
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
    AVREP.DLL : 8.0.0.2 98344 Bytes 10/09/2008 17:37:28
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 10 septembre 2008 19:38

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
    Scan process 'Apvfb.exe' - '1' Module(s) have been scanned
    Scan process 'HIDFIND.EXE' - '1' Module(s) have been scanned
    Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
    Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
    Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
    Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
    Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
    Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
    Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
    Scan process 'Apoint.exe' - '1' Module(s) have been scanned
    Scan process 'HControl.exe' - '1' Module(s) have been scanned
    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
    Scan process 'ALG.EXE' - '1' Module(s) have been scanned
    Scan process 'DLLHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'WDFMGR.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
    Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
    Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
    Scan process 'RAMAINT.EXE' - '1' Module(s) have been scanned
    Scan process 'JQS.EXE' - '1' Module(s) have been scanned
    Scan process 'IJPLMSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
    Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    49 processes with 49 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '61' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\DriverUpdate.exe
    [0] Archive type: RAR SFX (self extracting)
    --> Setup_ver1.1594.1.exe
    [DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
    [DETECTION] Contains recognition pattern of the DR/Dldr.Zlob.ydb dropper
    [NOTE] The file was deleted!
    C:\Documents and Settings\Alizé\Application Data\Sun\Java\Deployment\cache\6.0\52\6d7493b4-3a5e6608
    [0] Archive type: ZIP
    --> OP.class
    [DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
    [NOTE] The file was deleted!
    C:\Documents and Settings\Alizé\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-32165bac
    [0] Archive type: ZIP
    --> MagicApplet.class
    [DETECTION] Contains recognition pattern of the EXP/Java.Bytver.5.B exploit
    --> OwnClassLoader.class
    [DETECTION] Contains recognition pattern of the EXP/ByteVerify exploit
    --> ProxyClassLoader.class
    [DETECTION] Contains recognition pattern of the EXP/Java.Bytver.5.A exploit
    --> Installer.class
    [DETECTION] Contains recognition pattern of the EXP/ByteVerify.S.1 exploit
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP130\A0063362.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.BEI back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP130\A0063390.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\IEDFix.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/IRC.Chazz.43 back-door program
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP139\A0074271.exe
    [DETECTION] Contains recognition pattern of the DR/Dldr.JKOJ.18 dropper
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP139\A0074272.exe
    [DETECTION] Contains recognition pattern of the DR/Dldr.JKOJ.18 dropper
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP139\A0074366.exe
    [DETECTION] Is the TR/Agent.159744.D Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076258.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076259.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076260.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076261.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP141\A0076346.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{B232632F-891C-420A-8470-571731715893}\RP142\A0077474.exe
    [0] Archive type: RAR SFX (self extracting)
    --> Setup_ver1.1594.1.exe
    [DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
    [DETECTION] Contains recognition pattern of the DR/Dldr.Zlob.ydb dropper
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\byXqRlIA.dll.vir
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\hgGaaASj.dll.vir
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\iifebCRi.dll.vir
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\jkkLDTnN.dll.vir
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was deleted!
    Begin scan in 'D:\' <Disque D>


    End of the scan: mercredi 10 septembre 2008 20:31
    Used time: 53:13 Minute(s)

    The scan has been done completely.

    10640 Scanning directories
    695441 Files were scanned
    23 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    18 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    695417 Files not concerned
    9771 Archives were scanned
    1 Warnings
    18 Notes

    10 September 2008 20:50:06

    Post a new HijackThis report.
    12 September 2008 15:32:13

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:31:50, on 12/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Apoint2K\Apvfb.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9020 bytes
    12 September 2008 15:41:17

    Are you still having problems?
    12 September 2008 15:56:12

    No, not for the moment...

    I'm just waiting to hear you tell me that my PC is cured.
    12 September 2008 16:03:48

    It's OK as far as I'm concerned.
    12 September 2008 16:06:58

    Then it is for me too.
    Thank you very much.
    12 September 2008 16:10:54

    Happy surfing ;)